1. Field of the Invention
The invention relates to electronic searching for one or more documents storing a digital fingerprint, where the digital fingerprint is created from the document's key and value for the key. Optionally, an aspect of the invention relates to using such a search in connection with computer security management.
2. Description of the Related Art
One of the greatest challenges to any computer security professional today is having access to critical pieces of information about the computers and networks he or she is trying to protect at the moment the latest vulnerability is announced. In a typical enterprise, there are numerous disparate information technology and security products that provide visibility into what assets an organization may have, how they are configured, their patch levels, and even perhaps granular information and attributes such as what processes and executables are running.
Nevertheless, it is a struggle to collect a holistic set of data in a timely manner due to the fact that the relevant information is not in a friendly file format, is unstructured and impractical for centralized collection and storage and/or is not practical because of a file's complexity, location, owner or size. Additionally, there is a growing trend to attempt to track a holistic set of data in a configuration management database (CMDB) in accordance with the Information Technology Information Library (ITIL) best practice recommendations. However, the emergent and ever-changing nature of vulnerabilities does not lend itself to readily leveraging the CDMB as the central authoritative source for rapid assessment and mitigation actions.
Further complicating the management challenge is the convergence of security management products and regulatory compliance mandates that require compliance and security professionals to have even greater access to on-demand information. This poses even a greater technical hurdle in that compliance-related data is typically stored across silos in the enterprise by many stakeholders with file formats ranging from email, spreadsheets, PowerPoint™, and various databases.
Content stored in a computer system, the Internet, a corporate or proprietary network, or a personal computer might be located by a search engine in some situations. A typical search engine allows a user to specify search criteria (generally a given word or phrase), and returns as search results a list of documents with content likely meeting the search criteria.
In order to rapidly return the search results, the search engine can use a search index to the documents. Popular search engines focus on the full-text indexing of online, natural language documents; meta search engines reuse the indices of other services and do not store a local index; and partial text services restrict the depth indexed to reduce index size. A conventional search index can be built and maintained by indexing documents into the search index periodically and/or in response to requests to be indexed.
The queries one can make in a conventional search engine are currently limited to searching for keywords which have been indexed. Unfortunately, use of plural keywords may result in many false positives, that is, documents with all of the specified keywords but no real relation to the search. Conventional search engines have limited usefulness for security management.